Report Incident
× Home Cybertech Africa 2023 2 DPO Rw-CSIRT Website About Rw-CSIRT Alerts Advisories About NCSA Documentation News & Events Topics Contact us Opportunities Privacy Policy

How to secure your e-commerce platform

Kinyarwanda version
 
The festive season is the busiest period for consumer spending. With the majority of transactions being made online, cybercriminals target e-commerce platforms to intercept this increased exchange of sensitive data.
 
Owners and administrators of e-commerce platforms are encouraged to adopt the following best practices to protect the sensitive information of their clients and maintain trust in their platforms.
 
1. Patch your web servers and software to their latest versions
 
The software your e-commerce platform uses should be patched as soon as an upgrade becomes available. Software patches address newly discovered vulnerabilities, and your e-commerce platform should use the most recent software versions to ensure client data is protected against vulnerabilities.
 
2. Inform customers on how to use your platforms securely
 
Cybersecurity awareness is useful for everyone, including your users. Informing users on how to shop online securely, with general cybersecurity hygiene best practices, will help keep them protected while using your e-commerce platform.
 
Best practices can be found in our article on shopping safely online during the holidays.
 
3. Ensure you have encrypted and tested backups
 
Critical business data is primarily stored online, and cyber threats such as human error or a ransomware attack mean critical data can be lost at any moment. Backup important data once every 24 hours through offline local storage, the cloud or disaster recovery, so that you have copies of your data outside your organization network.
 
Encrypt your backups to ensure that they are secure. Additionally, all backups should be regularly tested (quarterly or biannually) to ensure they will work when restored.
 
4. Require the use of Multi-Factor Authentication (MFA)
 
Usernames and passwords can no longer be relied upon as a sufficient layer of security for protecting online accounts. To ensure users are more secure, make sure your e-commerce platform supports and requires multi-factor authentication, so that users implement secure access to their accounts. Learn more about Multi-Factor Authentication by reading our article on How to setup MFA.
 
5. Ensure your platform uses secure payment systems
 
An unsafe and vulnerable payment system can lead customers to not trust your platforms. Choose payment service providers that ensure sensitive client data is protected through encryption, in order to help build trust in your platform.
 
6. Only collect necessary customer information
 
Malicious insiders target company databases because they know that is where sensitive customer records are likely to be stored. Before collecting sensitive information, ask yourself what you must collect, and what you don’t need. Increasing the amount of information you store, increases the risk of fraud.
 
Specifically for credit card information, merchants can store the following details, provided they’re all properly encrypted:
 
  • Cardholder name
  • Primary account number (PAN)
  • Card expiration date
  • Service code (contained within the card’s magnetic stripe)
 
The following details cannot be stored, even when encrypted:
 
  • Authentication data
  • PIN code
  • CVV/CVC (verification code on back of card)

19 December 2022

© 2024 National Cyber Security Authority